Atlassian Bitbucket Server and Data Center Vulnerability
Identifier: CVE-2022-36804
Exploit or POC: Yes (Actively Being Exploited)
Update: https://jira.atlassian.com/browse/BSERV-13438
Description: CVE-2022-36804 allows for arbitrary code execution by transmitting malicious HTTP requests. To successfully exploit this vulnerability read permissions to a private or public Bitbucket repository is required.
Mitigation recommendation: Patching is currently the only method of mitigation
RedLegg Action: None at this time.
